security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

changed trustdb design

This commit is contained in:
Werner Koch 1998-07-21 12:53:38 +00:00
parent 3c53ea75ce
commit 1a80de41a5
20 changed files with 790 additions and 469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
THANKS
View File

@ -14,7 +14,7 @@ Ernst Molitor ernst.molitor@uni-bonn.de
Frank Heckenbach heckenb@mi.uni-erlangen.de
Hendrik Buschkamp buschkamp@rheumanet.org
Ian McKellar imckellar@harvestroad.com.au
James Troup J.J.Troup@scm.brad.ac.uk
James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
Jörg Schilling schilling@fokus.gmd.de

6
TODO
View File

@ -33,12 +33,6 @@
* add checking of armor trailers
* remove all "Fixmes"
* bug: g10/trustdb.c#build_sigrecs called to often by do_list_path
and remove the bad kludge. Maybe we should put all sigs into the trustdb
and mark them as valid/invalid/nopubkey, and how do we check, that
we have a self-signature -> put this stuff into a kind of directory
record, as it does not belong to the pubkey record?
* add an option to create a new user id.
* add an option to re-create a public key from a secret key. Think about

6
doc/DETAILS
View File

@ -100,7 +100,8 @@ Record type 3: (key record)
1 byte reserved
1 u32 LID
1 u32 next - next key record
8 bytes reserved
7 bytes reserved
1 byte keyflags
1 byte pubkey algorithm
1 byte length of the fingerprint (in bytes)
20 bytes fingerprint of the public key
@ -118,7 +119,8 @@ Record type 4: (uid record)
1 u32 next next userid
1 u32 pointer to preference record
1 u32 siglist list of valid signatures
2 byte reserved
1 byte uidflags
1 byte reserved
20 bytes ripemd160 hash of the username.

16
g10/ChangeLog
View File

@ -1,3 +1,19 @@
Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none))
* import.c (import_one): Now creates a trustdb record.
* g10.c (main): New command --check-trustdb
Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none))
* genkey.c (generate_keypair): Default key is now DSA with
encryption only ElGamal subkey.
Thu Jul 16 10:58:33 1998 Werner Koch (wk@isil.d.shuttle.de)
* keyid.c (keyid_from_fingerprint): New.
* getkey.c (get_pubkey_byfprint): New.
Tue Jul 14 18:09:51 1998 Werner Koch (wk@isil.d.shuttle.de)
* keyid.c (fingerprint_from_pk): Add argument and changed all callers.

10
g10/Makefile.am
View File

@ -6,7 +6,7 @@ OMIT_DEPENDENCIES = zlib.h zconf.h
LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = gpgd
#noinst_PROGRAMS = gpgd
bin_PROGRAMS = gpg gpgm
common_source = \
@ -67,10 +67,10 @@ gpg_SOURCES = g10.c \
gpgm_SOURCES = dearmor.c \
$(common_source)
gpgd_SOURCES = gpgd.c \
ks-proto.h \
ks-proto.c \
$(common_source)
#gpgd_SOURCES = gpgd.c \
# ks-proto.h \
# ks-proto.c \
# $(common_source)
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@

8
g10/OPTIONS
View File

@ -36,6 +36,14 @@ list-secret-keys
export-secret-keys
# export secret keys (which may be usefuil in some cases)
check-trustdb
#-----------------------------------------------
#--- options
#-----------------------------------------------

77
g10/g10.c
View File

@ -52,43 +52,44 @@ static ARGPARSE_OPTS opts[] = {
{ 300, NULL, 0, N_("@Commands:\n ") },
#ifdef IS_G10
{ 's', "sign", 0, N_("|[file]|make a signature")},
{ 539, "clearsign", 0, N_("|[file]|make a clear text signature") },
{ 'b', "detach-sign", 0, N_("make a detached signature")},
{ 'e', "encrypt", 0, N_("encrypt data")},
{ 'c', "symmetric", 0, N_("encryption only with symmetric cipher")},
{ 507, "store", 0, N_("store only")},
{ 'd', "decrypt", 0, N_("decrypt data (default)")},
{ 550, "verify" , 0, N_("verify a signature")},
{ 's', "sign", 256, N_("|[file]|make a signature")},
{ 539, "clearsign", 256, N_("|[file]|make a clear text signature") },
{ 'b', "detach-sign", 256, N_("make a detached signature")},
{ 'e', "encrypt", 256, N_("encrypt data")},
{ 'c', "symmetric", 256, N_("encryption only with symmetric cipher")},
{ 507, "store", 256, N_("store only")},
{ 'd', "decrypt", 256, N_("decrypt data (default)")},
{ 550, "verify" , 256, N_("verify a signature")},
#endif
{ 551, "list-keys", 0, N_("list keys")},
{ 552, "list-sigs", 0, N_("list keys and signatures")},
{ 508, "check-sigs",0, N_("check key signatures")},
{ 515, "fingerprint", 0, N_("list keys and fingerprints")},
{ 558, "list-secret-keys", 0, N_("list secret keys")},
{ 551, "list-keys", 256, N_("list keys")},
{ 552, "list-sigs", 256, N_("list keys and signatures")},
{ 508, "check-sigs",256, N_("check key signatures")},
{ 515, "fingerprint", 256, N_("list keys and fingerprints")},
{ 558, "list-secret-keys", 256, N_("list secret keys")},
#ifdef IS_G10
{ 503, "gen-key", 0, N_("generate a new key pair")},
{ 554, "add-key", 0, N_("add a subkey to a key pair")},
{ 506, "sign-key" ,0, N_("make a signature on a key in the keyring")},
{ 505, "delete-key",0, N_("remove key from the public keyring")},
{ 524, "edit-key" ,0, N_("edit a key signature")},
{ 525, "change-passphrase", 0, N_("change the passphrase of your secret keyring")},
{ 542, "gen-revoke",0, N_("generate a revocation certificate")},
{ 503, "gen-key", 256, N_("generate a new key pair")},
{ 554, "add-key", 256, N_("add a subkey to a key pair")},
{ 506, "sign-key" ,256, N_("make a signature on a key in the keyring")},
{ 505, "delete-key",256, N_("remove key from the public keyring")},
{ 524, "edit-key" ,256, N_("edit a key signature")},
{ 525, "change-passphrase", 256, N_("change the passphrase of your secret keyring")},
{ 542, "gen-revoke",256, N_("generate a revocation certificate")},
#endif
{ 537, "export" , 0, N_("export keys") },
{ 563, "export-secret-keys" , 0, "@" },
{ 537, "export" , 256, N_("export keys") },
{ 563, "export-secret-keys" , 256, "@" },
{ 565, "do-not-export-rsa", 0, "@" },
{ 530, "import", 0 , N_("import/merge keys")},
{ 521, "list-packets",0,N_("list only the sequence of packets")},
{ 530, "import", 256 , N_("import/merge keys")},
{ 521, "list-packets",256,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT
{ 564, "list-ownertrust", 0, "list the ownertrust values"},
{ 546, "dearmor", 0, N_("De-Armor a file or stdin") },
{ 547, "enarmor", 0, N_("En-Armor a file or stdin") },
{ 555, "print-md" , 0, N_("|algo [files]|print message digests")},
{ 516, "print-mds" , 0, N_("print all message digests")},
{ 564, "list-ownertrust", 256, N_("list the ownertrust values")},
{ 567, "check-trustdb",0 , N_("|[NAMES]|check the trust database")},
{ 546, "dearmor", 256, N_("De-Armor a file or stdin") },
{ 547, "enarmor", 256, N_("En-Armor a file or stdin") },
{ 555, "print-md" , 256, N_("|algo [files]|print message digests")},
{ 516, "print-mds" , 256, N_("print all message digests")},
#ifdef MAINTAINER_OPTIONS
{ 513, "gen-prime" , 0, "@" },
{ 548, "gen-random" , 0, "@" },
{ 513, "gen-prime" , 256, "@" },
{ 548, "gen-random" , 256, "@" },
#endif
#endif
@ -143,6 +144,7 @@ static ARGPARSE_OPTS opts[] = {
#ifdef IS_G10MAINT
{ 514, "test" , 0, "@" },
{ 564, "list-ownertrust",0 , "@"},
{ 567, "check-trustdb",0 , "@"},
{ 531, "list-trustdb",0 , "@"},
{ 533, "list-trust-path",0, "@"},
#endif
@ -182,7 +184,7 @@ enum cmd_values { aNull = 0,
aListSigs, aKeyadd, aListSecretKeys,
aExport, aExportSecret,
aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aListOwnerTrust,
aCheckTrustDB, aListTrustDB, aListTrustPath, aListOwnerTrust,
aDeArmor, aEnArmor, aGenRandom,
aTest };
@ -195,7 +197,6 @@ static void set_cmd( enum cmd_values *ret_cmd,
#ifdef IS_G10MAINT
static void print_hex( byte *p, size_t n );
static void print_mds( const char *fname, int algo );
static void do_test(int);
#endif
const char *
@ -541,6 +542,7 @@ main( int argc, char **argv )
#endif
case 516: set_cmd( &cmd, aPrintMDs); break;
case 531: set_cmd( &cmd, aListTrustDB); break;
case 567: set_cmd( &cmd, aCheckTrustDB); break;
case 533: set_cmd( &cmd, aListTrustPath); break;
case 540: break; /* dummy */
case 546: set_cmd( &cmd, aDeArmor); break;
@ -1032,6 +1034,15 @@ main( int argc, char **argv )
}
break;
case aCheckTrustDB:
if( !argc )
check_trustdb(NULL);
else {
for( ; argc; argc--, argv++ )
check_trustdb( *argv );
}
break;
case aListTrustPath:
if( argc != 2 )
wrong_args("--list-trust-path [-- -]<maxdepth> <username>");

14
g10/getkey.c
View File

@ -464,6 +464,20 @@ get_pubkey_byname( PKT_public_key *pk, const char *name )
}
/****************
* Search for a key with the given fingerprint.
*/
int
get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint, size_t fprint_len)
{
int rc;
if( fprint_len == 20 || fprint_len == 16 )
rc = lookup( pk, fprint_len, NULL, fprint, NULL );
else
rc = G10ERR_GENERAL; /* Oops */
return rc;
}
/****************
* Search for a key with the given fingerprint and return the

11
g10/import.c
View File

@ -381,6 +381,17 @@ import_one( const char *fname, KBNODE keyblock )
else
log_info_f(fname, _("key %08lX: not changed\n"), (ulong)keyid[1] );
}
if( !rc ) {
rc = query_trust_record( pk_orig );
if( rc && rc != -1 )
log_error("trustdb error: %s\n", g10_errstr(rc) );
else if( rc == -1 ) {
rc = insert_trust_record( pk_orig );
if( rc )
log_error("key %08lX: trustdb insert failed: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
}
}
leave:
release_kbnode( keyblock_orig );

5
g10/keydb.h
View File

@ -112,6 +112,8 @@ void add_secret_keyring( const char *name );
int get_pubkey( PKT_public_key *pk, u32 *keyid );
int get_pubkey_byname( PKT_public_key *pk, const char *name );
int get_seckey( PKT_secret_key *sk, u32 *keyid );
int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint,
size_t fprint_len );
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
size_t fprint_len );
int seckey_available( u32 *keyid );
@ -125,12 +127,13 @@ int pubkey_letter( int algo );
u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
u32 keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid );
unsigned nbits_from_pk( PKT_public_key *pk );
unsigned nbits_from_sk( PKT_secret_key *sk );
const char *datestr_from_pk( PKT_public_key *pk );
const char *datestr_from_sk( PKT_secret_key *sk );
const char *datestr_from_sig( PKT_signature *sig );
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf; size_t *ret_len );
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
/*-- kbnode.c --*/

4
g10/keygen.c
View File

@ -371,7 +371,7 @@ check_valid_days( const char *s )
/****************
* Returns o to create both a DSA and a ElGamal key.
* Returns: 0 to create both a DSA and a ElGamal key.
*/
static int
ask_algo( int *ret_v4, int addmode )
@ -756,7 +756,7 @@ generate_keypair()
algo = ask_algo( &v4, 0 );
if( !algo ) {
algo = PUBKEY_ALGO_ELGAMAL;
algo = PUBKEY_ALGO_ELGAMAL_E;
both = 1;
tty_printf(_("DSA keypair will have 1024 bits.\n"));
}

37
g10/keyid.c
View File

@ -189,6 +189,43 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
}
/****************
* Get the keyid from the fingerprint. This function is simple for most
* keys, but has to do a keylookup for old stayle keys.
*/
u32
keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
{
u32 dummy_keyid[2];
if( !keyid )
keyid = dummy_keyid;
if( fprint_len != 20 ) {
/* This is special as we have to lookup the key first */
PKT_public_key pk;
int rc;
memset( &pk, 0, sizeof pk );
rc = get_pubkey_byfprint( &pk, fprint, fprint_len );
if( rc ) {
log_error("Oops: keyid_from_fingerprint: no pubkey\n");
keyid[0] = 0;
keyid[1] = 0;
}
else
keyid_from_pk( &pk, keyid );
}
else {
const byte *dp = fprint;
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
}
return keyid[1];
}
u32
keyid_from_sig( PKT_signature *sig, u32 *keyid )
{

2
g10/pkclist.c
View File

@ -49,7 +49,7 @@ query_ownertrust( ulong lid )
PKT_public_key *pk ;
int changed=0;
rc = keyid_from_trustdb( lid, keyid );
rc = keyid_from_lid( lid, keyid );
if( rc ) {
log_error("ooops: can't get keyid for lid %lu\n", lid);
return 0;

92
g10/tdbio.c
View File

@ -147,11 +147,11 @@ create_db( const char *fname )
fp =fopen( fname, "w" );
if( !fp )
log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) );
fwrite_8( fp, 2 );
fwrite_8( fp, 1 ); /* record type */
fwrite_8( fp, 'g' );
fwrite_8( fp, 'p' );
fwrite_8( fp, 'g' );
fwrite_8( fp, 1 ); /* version */
fwrite_8( fp, 2 ); /* version */
fwrite_zeros( fp, 3 ); /* reserved */
fwrite_32( fp, 0 ); /* not locked */
fwrite_32( fp, make_timestamp() ); /* created */
@ -183,11 +183,12 @@ open_db()
void
tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
tdbio_dump_record( TRUSTREC *rec, FILE *fp )
{
int i, any;
ulong rnum = rec->recnum;
fprintf(fp, "rec %5lu, type=", rnum );
fprintf(fp, "rec %5lu, ", rnum );
switch( rec->rectype ) {
case 0: fprintf(fp, "free\n");
@ -201,30 +202,36 @@ tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
rec->r.dir.uidlist,
rec->r.dir.cacherec,
rec->r.dir.ownertrust );
if( rec->r.dir.sigflag == 1 )
fputs(", (none)", fp );
else if( rec->r.dir.sigflag == 2 )
fputs(", (invalid)", fp );
else if( rec->r.dir.sigflag == 3 )
fputs(", (revoked)", fp );
else if( rec->r.dir.sigflag )
fputs(", (??)", fp );
if( rec->r.dir.dirflags & DIRF_ERROR )
fputs(", error", fp );
if( rec->r.dir.dirflags & DIRF_CHECKED )
fputs(", checked", fp );
if( rec->r.dir.dirflags & DIRF_REVOKED )
fputs(", revoked", fp );
if( rec->r.dir.dirflags & DIRF_MISKEY )
fputs(", miskey", fp );
putc('\n', fp);
break;
case RECTYPE_KEY:
fprintf(fp, "key %lu, next=%lu, algo=%d, flen=%d\n",
fprintf(fp, "key %lu, next=%lu, algo=%d, flen=%d",
rec->r.key.lid,
rec->r.key.next,
rec->r.key.pubkey_algo,
rec->r.key.fingerprint_len );
if( rec->r.key.keyflags & KEYF_REVOKED )
fputs(", revoked", fp );
putc('\n', fp);
break;
case RECTYPE_UID:
fprintf(fp, "uid %lu, next=%lu, pref=%lu, sig=%lu, hash=%02X%02X\n",
fprintf(fp, "uid %lu, next=%lu, pref=%lu, sig=%lu, hash=%02X%02X",
rec->r.uid.lid,
rec->r.uid.next,
rec->r.uid.prefrec,
rec->r.uid.siglist,
rec->r.uid.namehash[18], rec->r.uid.namehash[19]);
if( rec->r.uid.uidflags & UIDF_REVOKED )
fputs(", revoked", fp );
putc('\n', fp);
break;
case RECTYPE_PREF:
fprintf(fp, "pref %lu, next=%lu\n",
@ -253,11 +260,11 @@ tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
case RECTYPE_HTBL:
fprintf(fp, "htbl\n");
break;
case RECTYPE_HTBL:
case RECTYPE_HLST:
fprintf(fp, "hlst\n");
break;
default:
fprintf(fp, "%d (unknown)\n", rec->rectype );
fprintf(fp, "unknown type %d\n", rec->rectype );
break;
}
}
@ -330,7 +337,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.dir.uidlist = buftoulong(p); p += 4;
rec->r.dir.cacherec = buftoulong(p); p += 4;
rec->r.dir.ownertrust = *p++;
rec->r.dir.sigflag = *p++;
rec->r.dir.dirflags = *p++;
if( rec->r.dir.lid != recnum ) {
log_error_f( db_name, "dir LID != recnum (%lu,%lu)\n",
rec->r.dir.lid, (ulong)recnum );
@ -340,7 +347,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
case RECTYPE_KEY: /* public key record */
rec->r.key.lid = buftoulong(p); p += 4;
rec->r.key.next = buftoulong(p); p += 4;
p += 8;
p += 7;
rec->r.key.keyflags = *p++;
rec->r.key.pubkey_algo = *p++;
rec->r.key.fingerprint_len = *p++;
if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
@ -352,7 +360,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.uid.next = buftoulong(p); p += 4;
rec->r.uid.prefrec = buftoulong(p); p += 4;
rec->r.uid.siglist = buftoulong(p); p += 4;
p += 2;
rec->r.uid.uidflags = *p++;
p ++;
memcpy( rec->r.uid.namehash, p, 20);
break;
case RECTYPE_PREF: /* preference record */
@ -413,14 +422,15 @@ tdbio_write_record( TRUSTREC *rec )
ulongtobuf(p, rec->r.dir.uidlist); p += 4;
ulongtobuf(p, rec->r.dir.cacherec); p += 4;
*p++ = rec->r.dir.ownertrust;
*p++ = rec->r.dir.sigflag;
*p++ = rec->r.dir.dirflags;
assert( rec->r.dir.lid == recnum );
break;
case RECTYPE_KEY:
ulongtobuf(p, rec->r.key.lid); p += 4;
ulongtobuf(p, rec->r.key.next); p += 4;
p += 8;
p += 7;
*p++ = rec->r.key.keyflags;
*p++ = rec->r.key.pubkey_algo;
*p++ = rec->r.key.fingerprint_len;
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
@ -431,7 +441,8 @@ tdbio_write_record( TRUSTREC *rec )
ulongtobuf(p, rec->r.uid.next); p += 4;
ulongtobuf(p, rec->r.uid.prefrec); p += 4;
ulongtobuf(p, rec->r.uid.siglist); p += 4;
p += 2;
*p++ = rec->r.uid.uidflags;
p++;
memcpy( p, rec->r.uid.namehash, 20 ); p += 20;
break;
@ -472,6 +483,15 @@ tdbio_write_record( TRUSTREC *rec )
return rc;
}
int
tdbio_delete_record( ulong recnum )
{
TRUSTREC rec;
rec.recnum = recnum;
rec.rectype = 0;
return tdbio_write_record( &rec );
}
/****************
* create a new record and return its record number
@ -495,7 +515,8 @@ tdbio_new_recnum()
* returns another recnum */
memset( &rec, 0, sizeof rec );
rec.rectype = 0; /* free record */
rc = tdbio_write_record(recnum, &rec );
rec.recnum = recnum;
rc = tdbio_write_record( &rec );
if( rc )
log_fatal_f(db_name,_("failed to append a record: %s\n"),
g10_errstr(rc));
@ -530,10 +551,10 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
if( rec->r.key.pubkey_algo == pk->pubkey_algo
&& !memcmp(rec->r.key.fingerprint, fingerprint, fingerlen) ) {
/* found: read the dir record for this key */
rc = tdbio_read_record( rec->r.key.lid, rec, RECTYPE_DIR);
recnum = rec->r.key.lid;
rc = tdbio_read_record( recnum, rec, RECTYPE_DIR);
if( rc )
break;
if( pk->local_id && pk->local_id != recnum )
log_error_f(db_name,
"found record, but LID from memory does "
@ -549,22 +570,13 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
}
/****************
* Delete the Userid UIDLID from DIRLID
*/
int
tdbio_update_sigflag( ulong lid, int sigflag )
tdbio_delete_uidrec( ulong dirlid, ulong uidlid )
{
TRUSTREC rec;
if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
log_error("update_sigflag: read failed\n");
return G10ERR_TRUSTDB;
}
rec.r.dir.sigflag = sigflag;
if( tdbio_write_record( lid, &rec ) ) {
log_error("update_sigflag: write failed\n");
return G10ERR_TRUSTDB;
}
return 0;
return G10ERR_GENERAL; /* not implemented */
}

30
g10/tdbio.h
View File

@ -40,11 +40,23 @@
#define RECTYPE_HLST 11
#define DIRF_CHECKED 1 /* everything has been checked, the other bits are
valid */
#define DIRF_MISKEY 2 /* some keys are missing, so they could not be checked*/
#define DIRF_ERROR 4 /* severe errors: the key is not valid for some reasons
but we mark it to avoid duplicate checks */
#define DIRF_REVOKED 8 /* the complete key has been revoked */
#define KEYF_REVOKED DIRF_REVOKED /* this key has been revoked
(only useful on subkeys)*/
#define UIDF_REVOKED DIRF_REVOKED /* this user id has been revoked */
struct trust_record {
int rectype;
struct trust_record *next; /* help pointer to build lists in memory */
struct trust_record *help_pref;
struct trust_record *help_sig;
int mark;
ulong recnum;
union {
@ -64,11 +76,12 @@ struct trust_record {
ulong uidlist; /* list of uid records */
ulong cacherec; /* the cache record */
byte ownertrust;
byte sigflag;
byte dirflags;
} dir;
struct { /* primary public key record */
ulong lid;
ulong next; /* next key */
byte keyflags;
byte pubkey_algo;
byte fingerprint_len;
byte fingerprint[20];
@ -78,6 +91,7 @@ struct trust_record {
ulong next; /* points to next user id record */
ulong prefrec; /* recno of preference record */
ulong siglist; /* list of valid signatures (w/o self-sig)*/
byte uidflags;
byte namehash[20]; /* ripemd hash of the username */
} uid;
struct { /* preference reord */
@ -90,7 +104,7 @@ struct trust_record {
ulong next; /* recnno of next record or NULL for last one */
struct {
ulong lid; /* of pubkey record of signator (0=unused) */
byte flag; /* reserved */
byte flag; /* SIGRF_xxxxx */
} sig[SIGS_PER_RECORD];
} sig;
struct { /* cache record */
@ -113,14 +127,15 @@ struct trust_record {
typedef struct trust_record TRUSTREC;
typedef struct {
ulong local_id; /* localid of the pubkey */
ulong lid; /* localid */
ulong sigrec;
ulong sig_id; /* returned signature id */
ulong sig_lid; /* returned signatures LID */
unsigned sig_flag; /* returned signature record flag */
struct { /* internal data */
int init_done;
int eof;
TRUSTREC rec;
ulong nextuid;
int index;
} ctl;
} SIGREC_CONTEXT;
@ -129,12 +144,13 @@ typedef struct {
/*-- tdbio.c --*/
int tdbio_set_dbname( const char *new_dbname, int create );
const char *tdbio_get_dbname(void);
void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec );
int tdbio_delete_record( ulong recnum );
ulong tdbio_new_recnum(void);
int tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec );
int tdbio_update_sigflag( ulong lid, int sigflag );
int tdbio_delete_uidrec( ulong dirlid, ulong uidlid );
#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \

909
g10/trustdb.c
View File

File diff suppressed because it is too large Load Diff

3
g10/trustdb.h
View File

@ -39,12 +39,13 @@
void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
void list_ownertrust(void);
void check_trustdb( const char *username );
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk );
int enum_trust_web( void **context, ulong *lid );
int get_ownertrust( ulong lid, unsigned *r_otrust );
int keyid_from_trustdb( ulong lid, u32 *keyid );
int keyid_from_lid( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust );

BIN
tools/mk-tdata
View File

Binary file not shown.

8
util/ChangeLog
View File

@ -1,3 +1,11 @@
Tue Jul 21 10:35:48 1998 Werner Koch (wk@(none))
* argparse.c: New option flag to distinguish options and commands.
Sat Jul 18 19:49:30 1998 Werner Koch (wk@(none))
* argparse.c (arg_parse): Added -? as alias for -h
Thu Jul 9 14:47:20 1998 Werner Koch (wk@isil.d.shuttle.de)
* secmem.c (secmem_init): Drops setuid if called with 0.

19
util/argparse.c
View File

@ -83,11 +83,12 @@
* 4 = takes ulong argument
* Bit 3 : argument is optional (r_type will the be set to 0)
* Bit 4 : allow 0x etc. prefixed values.
* Bit 7 : this is an command and not an option
* If can stop the option processing by setting opts to NULL, the function will
* then return 0.
* @Return Value
* Returns the args.r_opt or 0 if ready
* r_opt may be -2 to indicate an unknown option.
* r_opt may be -2/-7 to indicate an unknown option/command.
* @See Also
* ArgExpand
* @Notes
@ -157,6 +158,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
s = "%s:%u: keyword too long\n";
else if( arg->r_opt == -3 )
s = "%s:%u: missing argument\n";
else if( arg->r_opt == -7 )
s = "%s:%u: invalid command\n";
else
s = "%s:%u: invalid option\n";
log_error(s, filename, *lineno );
@ -164,6 +167,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
else {
if( arg->r_opt == -3 )
s = "Missing argument for option \"%.50s\"\n";
else if( arg->r_opt == -7 )
s = "Invalid command \"%.50s\"\n";
else
s = "Invalid option \"%.50s\"\n";
log_error(s, arg->internal.last? arg->internal.last:"[??]" );
@ -220,8 +225,8 @@ optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
arg->r_opt = opts[index].short_opt;
if( inverse )
arg->r_opt = -arg->r_opt;
if( !opts[index].short_opt )
arg->r_opt = -2; /* unknown option */
if( !opts[index].short_opt ) /* unknown command/option */
arg->r_opt = (opts[index].flags & 256)? -7:-2;
else if( (opts[index].flags & 8) ) /* no argument */
arg->r_opt = -3; /* error */
else /* no or optiona argument */
@ -279,7 +284,7 @@ optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
index = i;
arg->r_opt = opts[index].short_opt;
if( !opts[index].short_opt ) {
arg->r_opt = -2; /* unknown option */
arg->r_opt = (opts[index].flags & 256)? -7:-2;
state = -1; /* skip rest of line and leave */
}
else
@ -390,7 +395,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
arg->r_opt = opts[i].short_opt;
if( !opts[i].short_opt ) {
arg->r_opt = -2; /* unknown option */
arg->r_opt = (opts[i].flags & 256)? -7:-2;
arg->r.ret_str = s+2;
}
else if( (opts[i].flags & 7) ) {
@ -438,12 +443,12 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
break;
}
if( !opts[i].short_opt && *s == 'h' )
if( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) )
show_help(opts, arg->flags);
arg->r_opt = opts[i].short_opt;
if( !opts[i].short_opt ) {
arg->r_opt = -2; /* unknown option */
arg->r_opt = (opts[i].flags & 256)? -7:-2;
arg->internal.inarg++; /* point to the next arg */
arg->r.ret_str = s;
}